<?php
	//start session
	session_start();
	class logmein
	{
		//database setup 
	    //MAKE SURE TO FILL IN DATABASE INFO
		var $hostname_logon = 'localhost';			//Database server LOCATION
		var $database_logon = 'sudeep_27092010';	//Database NAME
		var $username_logon = 'root';				//Database USERNAME
		var $password_logon = 'kumars';				//Database PASSWORD
		
		//table fields
		var $user_table  = 'users';					//Users table name
		var $user_column = 'User_Email_ID';			//USERNAME column (value MUST be valid email)
		var $pass_column = 'User_Password';			//PASSWORD column
		var $user_level  = 'User_Access_Level';		//(optional) userlevel column
		
		//encryption
		var $encrypt = true;		//set to true to use md5 encryption for the password

		//connect to database
		function dbconnect()
		{
			$connections = mysql_connect($this->hostname_logon, $this->username_logon, $this->password_logon) or die ('Unabale to connect to the database');
			mysql_select_db($this->database_logon) or die ('Unable to select database!');	
			return;
		}
	
		//login function
		function login($table, $username, $password)
		{	
		    $this->dbconnect();
			//make sure table name is set
			if($this->user_table == "")
			{
				$this->user_table = $table;
			}
			//check if encryption is used
			if($this->encrypt == true){
				$password = md5($password);	
			}
			
			//execute login via qry function that prevents MySQL injections
			$result = $this->qry("SELECT * FROM ".$this->user_table." WHERE ".$this->user_column."='?' AND ".$this->pass_column." = '?';" , $username, $password);
			$row=mysql_fetch_assoc($result);
			if($row != "Error")
			{
				if($row[$this->user_column] !="" && $row[$this->pass_column] !="")
				{
					//register sessions
					//you can add additional sessions here if needed
					$_SESSION['loggedin'] = $row[$this->pass_column];
					//userlevel session is optional. Use it if you have different user levels
					$_SESSION['userlevel'] = $row[$this->user_level];
					return true;	
				}
				else
				{
					session_destroy();
					return false;
				}
			}
			else
			{
				return false;
			}
			
		}
	
		//prevent injection
		function qry($query)
		{
			$this->dbconnect();
      		$args  = func_get_args();
			$query = array_shift($args);
			$query = str_replace("?", "%s", $query);
			$args  = array_map('mysql_real_escape_string', $args);
			array_unshift($args,$query);
			$query = call_user_func_array('sprintf',$args);
			$result = mysql_query($query) or die(mysql_error());
			if($result)
			{
				return $result;
			}
			else
			{
				$error = "Error";
				return $result;
			}
		}
	
		//logout function 
		function logout()
		{
			session_destroy();
			return;
		}
	
		//check if loggedin
		function logincheck($logincode, $user_table, $pass_column, $user_column)
		{
		    $this->dbconnect();	
	        //make sure password column and table are set
			if($this->pass_column == "")
			{
				$this->pass_column = $pass_column;	
			}
			if($this->user_column == "")
			{
				$this->user_column = $user_column;	
			}
			if($this->user_table == "")
			{
				$this->user_table = $user_table;	
			}
			//exectue query
			$result = $this->qry("SELECT * FROM ".$this->user_table." WHERE ".$this->pass_column." = '?';" , $logincode);
			$rownum = mysql_num_rows($result);
			//return true if logged in and false if not
			if($row != "Error")
			{
				if($rownum > 0)
				{
					return true;	
				}
				else
				{
					return false;	
				}
			}
		}
	
		//reset password
		function passwordreset($username, $user_table, $pass_column, $user_column)
		{
			$this->dbconnect();
	        //generate new password
			$newpassword = $this->createPassword();
			
			//make sure password column and table are set
			if($this->pass_column == "")
			{
				$this->pass_column = $pass_column;	
			}
			if($this->user_column == "")
			{
				$this->user_column = $user_column;	
			}
			if($this->user_table == "")
			{
				$this->user_table = $user_table;	
			}
			//check if encryption is used
			if($this->encrypt == true)
			{
				$newpassword = md5($newpassword);	
			}
			
			//update database with new password
			$qry 	= "UPDATE ".$this->user_table." SET ".$this->pass_column."='".$newpassword."' WHERE ".$this->user_column."='".stripslashes($username)."'";
			$result = mysql_query($qry) or die(mysql_error());
			
			$to = stripslashes($username);
			//some injection protection
			$illigals	= array("n", "r","%0A","%0D","%0a","%0d","bcc:","Content-Type","BCC:","Bcc:","Cc:","CC:","TO:","To:","cc:","to:");
			$to 		= str_replace($illigals, "", $to);
			$getemail = explode("@",$to);
			
			//send only if there is one email
			if(sizeof($getemail) > 2)
			{
				return false;	
			}
			else
			{
				//send email
				$from = $_SERVER['SERVER_NAME'];
				$subject = "Password Reset: ".$_SERVER['SERVER_NAME'];
				$msg = "<p>Your new password is: ".$newpassword."</p>";
				
				//now we need to set mail headers
				$headers = "MIME-Version: 1.0 rn" ;
				$headers .= "Content-Type: text/html; rn" ;
				$headers .= "From: $from  rn" ;
				
				//now we are ready to send mail
				$sent = mail($to, $subject, $msg, $headers);
				if($sent)
				{
					return true; 
				}
				else
				{
					return false;	
				}
			}
		}
	
		//create random password with 8 alphanumerical characters
		function createPassword()
		{
			$chars = "abcdefghijkmnopqrstuvwxyz023456789";
			srand((double)microtime()*1000000);
			$i = 0;
			$pass = '' ;
			while ($i <= 7)
			{
				$num = rand() % 33;
				$tmp = substr($chars, $num, 1);
				$pass = $pass . $tmp;
				$i++;
			}
			return $pass;
		}
	
		//login form
		function loginform($formname, $formclass, $formaction)
		{
		      $this->dbconnect();
	              echo'<form name="'.$formname.'" method="post" id="'.$formname.'" class="'.$formclass.'" enctype="application/x-www-form-urlencoded" action="'.$formaction.'">
					<div><label for="username">Username</label>
					<input name="username" id="username" type="text"></div>
					<div><label for="password">Password</label>
					<input name="password" id="password" type="password"></div>
					<input name="action" id="action" value="login" type="hidden">
					<div><input name="submit" id="submit" value="Login" type="submit"></div>
				</form>';
		}
		//reset password form
		function resetform($formname, $formclass, $formaction)
		{
			$this->dbconnect();
	                echo'<form name="'.$formname.'" method="post" id="'.$formname.'" class="'.$formclass.'" enctype="application/x-www-form-urlencoded" action="'.$formaction.'">
					<div><label for="username">Username</label>
					<input name="username" id="username" type="text"></div>
					<input name="action" id="action" value="resetlogin" type="hidden">
					<div><input name="submit" id="submit" value="Reset Password" type="submit"></div>
				</form>';
		}
		//function to install logon table
		function cratetable($tablename)
		{
	                $this->dbconnect();
			$qry = "CREATE TABLE IF NOT EXISTS ".$tablename." (
				  userid int(11) NOT NULL auto_increment,
				  useremail varchar(50) NOT NULL default '',
				  password varchar(50) NOT NULL default '',
				  userlevel int(11) NOT NULL default '0',
				  PRIMARY KEY  (userid)
				)";
			$result = mysql_query($qry) or die(mysql_error());
			return;
		}
       //register function by Micah B-F.
		function register($table, $username, $password)
		{ 
		    //conect to DB
		    $this->dbconnect(); 
		    //make sure table name is set 
		    if($this->user_table == "")
		    { 
		   	 $this->user_table = $table; 
		    } 
		    //check if encryption is used 
		    if($this->encrypt == true)
		    { 
		    	$password = md5($password); 
		    } 
		    //execute registration via qry function that prevents MySQL injections 
		    $result = $this->qry("INSERT INTO ".$this->user_table." VALUES(DEFAULT,'?','?',DEFAULT)", $username, $password); 
		    $row=mysql_fetch_assoc($result); 
		    if($row != "Error")
		    { 
			    if($row[$this->user_column] !="" && $row[$this->pass_column] !="")
			    { 
			        //register sessions 
			        //you can add additional sessions here if needed 
			        $_SESSION['loggedin'] = $row[$this->pass_column]; 
			        $_SESSION['username'] = $username; 
			        //userlevel session is optional.Use it if you have different user levels
			        $_SESSION['userlevel'] = $row[$this->user_level]; 
			        return true;
			    }
			    else
			    {
			        session_destroy(); 
			        return false; 
			    }
		    }
		    else
		    {
		    	return false; 
		    } 
		}
	}

?>